Amazon.com Inc. unit Bibliofind said that it has learned that hackers stole credit card and other personal information on about 98,000 of its customers.
Bibliofind, Waltham, Mass., said it now appears that hackers had access to its system as far back as October 2000. The intrusions continued until last week, when the company took its Web site offline.
A spokesman said the company first learned of a break-in when "graffiti" was posted on its Web site in February. "We investigated, and discovered that hackers downloaded compressed data files that included user information," he said.
The spokesman said the company's home page was altered during the February break-in, but said he wasn't sure how. So far, the spokesman said, the company hasn't received any reports of illegal activity on the affected customers' credit-card accounts.
For its part, Amazon, which acquired Bibliofind along with its parent Exchange.com in 1999, said its users' data weren't vulnerable during the attacks. "Obviously we were distressed to learn of the security breech at Bibliofind," a spokeswoman for the Seattle-based online retailer said. "We can certainly reassure Amazon's customers that the security of our own systems was never in question. The two systems share absolutely no data and don't communicate in any way."
Bibliofind said it has been in contact with federal law-enforcement authorities on this matter, and began notifying all affected customers directly by e-mail (see e-mail message ). The company has also contacted the appropriate credit-card companies so that they can take whatever steps necessary to protect their cardholders.
Meanwhile, Bibliofind has removed all customer credit-card information, as well as addresses and phone numbers, from its servers.
The company, which matches buyers and sellers of hard-to-find books, will also stop collecting personal information from its users. Sellers will be responsible for arranging payment privately with buyers. |
